UD5 Toolkit
CORS Header Debugger - Online Check Cross‑Origin Access
Enter a URL and see its CORS headers. Understand why a fetch fails. Check preflight responses. Client‑side debugger.
Cross‑Origin Isolation Checker - Online COOP/COEP Test
Cross-Origin Isolation Checker
Verify COOP / COEP headers & browser cross-origin isolation status
Cross-Origin-Opener-Policy
Cross-Origin-Embedder-Policy
Checking your browser...
Why does it matter?
Cross-origin isolation enables powerful features like SharedArrayBuffer, performance.measureUserAgentSpecificMemory(), and high-resolution timers. Without proper COOP/COEP headers, these APIs are blocked.
Check Any URL (curl command)
Enter a URL to generate a ready-to-use curl command that fetches Cross-Origin-Opener-Policy and Cross-Origin-Embedder-Policy headers. Run it in your terminal.
How to Enable COOP
Add this HTTP response header to your top-level document:
Cross-Origin-Opener-Policy: same-origin
Possible values: unsafe-none, same-origin-allow-popups, same-origin
How to Enable COEP
Add this HTTP response header:
Cross-Origin-Embedder-Policy: require-corp
or credentialless (no CORP required for cross-origin resources).
Frequently Asked Questions
Cross-origin isolation is a browser security policy that restricts interactions with cross-origin documents and resources. It is enabled when both Cross-Origin-Opener-Policy (COOP) and Cross-Origin-Embedder-Policy (COEP) are set to specific values. This isolation unlocks powerful but potentially dangerous APIs like
SharedArrayBuffer.
Open the developer console (F12) and type
self.crossOriginIsolated. If it returns true, your page is isolated. You can also inspect the Network tab and look for the COOP/COEP headers or use this tool to generate a curl command.
To achieve full cross-origin isolation, you need:
Cross-Origin-Opener-Policy: same-originCross-Origin-Embedder-Policy: require-corp(orcredentialless)
require-corp, all cross-origin resources (images, scripts, etc.) must be loaded with Cross-Origin-Resource-Policy: cross-origin or serve appropriate CORS headers.
Cross-Origin-Opener-Policy (COOP) controls how a top-level document interacts with cross-origin windows. Setting it to
same-origin isolates your browsing context from different origins, preventing cross-origin attacks via window.opener.
Cross-Origin-Embedder-Policy (COEP) prevents your document from loading any cross-origin resource that doesn’t explicitly grant permission (via CORP or CORS). The value
require-corp enforces this, while credentialless allows loading cross-origin resources without credentials and without requiring CORP.
COOP isolates the top-level browsing context; COEP controls which resources can be embedded; Cross-Origin-Resource-Policy (CORP) tells the browser whether a resource can be loaded by another origin. All three work together to enforce cross-origin isolation.
DNS Propagation Checker - Online Verify Record Status
Query a domain's DNS record against multiple public resolvers (Google, Cloudflare) and see how it propagates. Client‑side fetch.
DNS Lookup - Online Domain Records Checker (A, MX, CNAME)
Query DNS records for any domain directly from your browser using DNS-over-HTTPS. See A, AAAA, MX, CNAME, and TXT records. No logs.
Robots.txt Tester - Online Check URL Allow/Disallow
Enter a URL and a user‑agent to see if it is allowed or blocked by the robots.txt file. Quick bot validation.
prefers‑reduced‑motion Tester - Online A11y Check
Simulate reduced motion preference and test your animations. Copy the media query snippet. Keep your users safe.
IBAN Structure Checker - Online Validate Format & Country
Check if an IBAN has the correct length and structure for its country. Early validation, no bank connection.
content‑visibility: auto Tester - Online Render Deferral
Apply content‑visibility: auto to off‑screen sections and see the rendering cost drop. Demos for infinite scroll optimization.
CJK Text Line Break Tester - Online word‑break & line‑break
Test different line‑break and word‑break values on Chinese/Japanese/Korean text. See how browsers wrap. Essential for i18n.
Live Web Vitals Monitor - Online Real‑Time LCP, INP, CLS
Patch the PerformanceObserver and show your page’s Core Web Vitals as you browse. See real‑time scores and suggestions.
Text Similarity Checker - Online Cosine & Jaccard
Paste two texts and see cosine and Jaccard similarity scores. Understand how close two documents are. All local math.
forced‑colors Mode Tester - Online Windows High Contrast
Simulate forced‑colors mode and see how your site looks. Adjust CSS system colors. Make your design accessible.
WebTransport Echo Client - Online QUIC Test
Connect to a WebTransport server and exchange data over QUIC. See latency and throughput. Perfect for exploring low‑latency real‑time APIs.
Picture‑in‑Picture Tester - Online Float Video Anywhere
Open a test video in Picture‑in‑Picture mode. Control entering and leaving PiP. Copy the code snippet for your own app.
transform‑style: preserve‑3d Tester - Online 3D Nesting
Nest elements in 3D space with preserve‑3d vs flat. Rotate the parent and see children behave differently.
aria‑hidden Conflict Finder - Online A11y Audit
Paste HTML and detect elements with aria‑hidden='true' that contain focusable children. An easy a11y win to fix.
Crossword Builder - Online Create & Solve Simple Puzzles
Build a small crossword by adding words and clues. Export as a printable grid or solve in browser. Perfect for classrooms.
Real‑Sample Contrast Checker - Online See Paragraph
See how a full paragraph looks with your chosen text and background colors. Not just a ratio; the real appearance.
Advanced Set‑Cookie String Parser - Online Decode Flags
Paste a `Set‑Cookie` header and see all attributes parsed: domain, path, Max‑Age, SameSite, Secure, HttpOnly. Debug cookies easily.
Font Tech & Format Checker - Online Supports incremental font?
Detect browser support for font‑tech() and font‑format() values in @font‑face src. Check COLRv1, variable, etc.
Shamir's Secret Sharing Demo - Online Split & Recover Secret
Split a secret string into N shares where K are needed to recover. Educational cryptography demo. Uses simple XOR-based scheme. Local.
Regex Lookaround Tester - Online Experiment with Lookahead
Practice positive/negative lookahead and lookbehind. See matches highlighted live. Master advanced regex.
scrollbar‑gutter Tester - Online Prevent Layout Shift
Toggle scrollbar‑gutter: stable to reserve space for the scrollbar and avoid content jumps. Visual demo with two columns.
SSL Certificate Checker - Online TLS Expiry & Info Tool
Inspect any website's SSL/TLS certificate details: issuer, expiry date, subject, and SANs. Verify certificate chains. All checks are private and require no server upload.
Semaphore Flag Translator - Online Signal Code Converter
Translate text into semaphore flag positions and decode semaphore back to letters. Interactive animated flags. For scouts and maritime fans.
Accept‑Language Header Visualizer - Online Locale Match
Paste your Accept‑Language header and see which languages your site should serve based on quality values. Internationalization helper.
Local Peer‑to‑Peer Chat - Online No‑Server Messenger
Create a temporary chat room between two browser tabs or devices on the same network using WebRTC data channels. Copy the code.
CAA Record Generator - Online DNS Certification Authority
Create a CAA DNS record to specify which certificate authorities can issue SSL certs for your domain. Prevent mis‑issuance.
Beat Sync Tester - Online Tap Tempo & BPM Counter
Tap any key to the beat and get the BPM (beats per minute). Useful for DJs, musicians, and running. Simple and accurate.
Simple Page Speed Tester - Online Core Web Vitals Emulator
Enter a URL and get a quick simulation of First Contentful Paint, LCP, and CLS using browser metrics. Lightweight alternative.
Broadcast Channel API Demo - Online Cross‑Tab Communication
Open the same page in two tabs and send messages between them. See real‑time cross‑tab communication. Learn the API.